Have you heard of ADCONs? How to Prepare for Fannie Mae and Freddie Mac’s New Address Privacy Program Requirements | Bradley Arant Boult Cummings LLP
What are ADCONs and what should banks, lenders and service providers know about them?
ADCONs are state-sponsored programs designed to protect certain “participants” who are victims of crime by keeping participants’ home, work and/or school addresses confidential (“protected information”). All states and the District of Columbia have some form of ADCON law except Alaska, Utah, South Carolina, South Dakota, and Wyoming. There are a variety of types of ADCON, but all programs work by providing the participant with an alternate address (a “designated address”) to use instead of the participant’s physical home address (or “real address”). . Each ADCON has a state-level administrator who processes ADCON participation requests, forwards incoming mail to the designated address, and accepts process service for participants.
As originally enacted, ADCON obligations only applied to government agencies such as state DMVs or county registrars. In recent years, however, 21 states have adopted ADCONs that explicitly extend these obligations to private entities. Five states require private entities such as financial services companies to use the designated address in correspondence and not disclose the participant’s protected information. These five mandatory states are Indiana, Iowa, Maryland, Minnesota and Wisconsin. Two other states, Michigan and Ohio, prohibit financial services companies from disclosing protected information of participating employees. In other states, financial services firms are prohibited from obtaining an individual’s real address if the firm knows the individual is a participant.
Even if an ADCON law does not explicitly oblige private companies to comply with it, all state administrators encourage voluntary compliance by private companies. See, for example, the Montana Safe at Home training video for private companies (note that various states refer to ADCONs as “Safe at Home” programs).
What is Fannie Mae and Freddie Mac want sellers and repairers to do?
First, agencies want vendors and services to let them know if a borrower is a participant. This means that sellers and managers must enter a unique code for existing loans and future transferred loans, marking the borrower as an ADCON participant. Freddie Mac is also asking vendors to notify it of the designated address for attendees.
Second, Fannie Mae also wants sellers and repairers to comply with state laws. This means that managers must send borrower statements and other correspondence to the designated address; not to disclose the actual address without the specific consent of an entrant; and, where applicable, not to search for the real address in the public records of known participants. Notably, even though agency announcements brought about the ADCON laws, these obligations existed before the agency announcements.
Fannie Mae’s compliance deadline was September 21, 2022 and Freddie Mac’s compliance deadline was December 1, 2021.
How can financial services companies comply with ADCON?
Most financial institutions and service providers face two fundamental challenges with ADCON compliance. First, they may not have a process in place to flag participants for account opening or loan onboarding and therefore may not be aware of existing participant accounts currently in their portfolio. . Second, when making loans and opening accounts, they may not have processes, policies and procedures in place to identify participants and manage participant accounts once they are opened. . This same problem may exist for the active loan service.